Table of Contents
Advertisement
Virtual Private Networks (VPN)
b. To disable dead peer detection:
(config)> vpn ipsec tunnel ipsec_example dpd enable false
(config)>
c. Set the number of seconds between transmissions of dead peer packets. Dead peer
packets are only sent when the tunnel is idle. The default is 60.
(config)> vpn ipsec tunnel ipsec_example dpd delay value
(config)>
d. Set the number of seconds to wait for a response from a dead peer packet before
assuming the tunnel has failed. The default is 90.
(config)> vpn ipsec tunnel ipsec_example dpd timeout value
(config)>
17. (Optional) Create a list of destination networks that require source NAT:
a. Add a destination network:
(config)> add vpn ipsec tunnel ipsec_example nat end
(config vpn ipsec tunnel ipsec_example nat 0)>
b. Set the IPv4 address and optional netmask of a destination network that requires source
NAT. You can also use any, meaning that any destination network connected to the tunnel
will use source NAT.
(config vpn ipsec tunnel ipsec_example nat 0)> dst value
(config vpn ipsec tunnel ipsec_example nat 0)>
18. Configure policies that define the network traffic that will be encapsulated by this tunnel:
a. Change to the root of the configuration schema:
(config vpn ipsec tunnel ipsec_example nat 0)> ...
(config)>
b. Add a policy:
(config)> add vpn ipsec tunnel ipsec_example policy end
(config vpn ipsec tunnel ipsec_example policy 0)>
c. Set the type of local network policy:
(config vpn ipsec tunnel ipsec_example policy 0)> local type value
(config vpn ipsec tunnel ipsec_example policy 0)>
IX20 User Guide
IPsec
311
Advertisement
Table of Contents
